Fix IPv6 cleanup #10801

Merged
merged 7 commits into from
Sep 9, 2024

@marc-gr marc-gr commented Aug 16, 2024

Proposed commit message

Fix IPv6 cleanup in pipelines that replaced ::ffff: directly, malforming IPv6 addresses.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@marc-gr marc-gr added the bugfix Pull request that fixes a bug issue label Aug 16, 2024
@marc-gr marc-gr marked this pull request as ready for review August 16, 2024 09:06
@marc-gr marc-gr requested review from a team as code owners August 16, 2024 09:06
@marc-gr marc-gr requested review from belimawr and mauri870 August 16, 2024 09:06
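
The failure mode named in the proposed commit message, as an added example (not code from this pull request or the integrations repository): removing `::ffff:` wherever it occurs versus parsing the address and unwrapping only IPv4-mapped values. It uses Python's `ipaddress` module rather than an ingest pipeline; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not taken from the PR's test fixtures).
SAMPLES = [
    "::ffff:192.0.2.10",   # IPv4-mapped IPv6: the prefix is the whole upper part
    "2001:db8::ffff:1",    # ordinary IPv6 that merely contains "::ffff:"
    "fe80::ffff:abcd",     # link-local IPv6 that contains "::ffff:"
    "192.0.2.10",          # plain IPv4
]


def naive_cleanup(value: str) -> str:
    """Buggy 'before' behaviour: strip "::ffff:" wherever it occurs."""
    return value.replace("::ffff:", "")


def safe_cleanup(value: str) -> str:
    """Unwrap only true IPv4-mapped addresses; leave everything else intact."""
    addr = ipaddress.ip_address(value)  # raises ValueError on non-IP input
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def is_valid_ip(value: str) -> bool:
    """True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def compare(samples):
    """Return (input, naive result, naive result still valid?, safe result)."""
    rows = []
    for s in samples:
        naive = naive_cleanup(s)
        rows.append((s, naive, is_valid_ip(naive), safe_cleanup(s)))
    return rows


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

A value that no longer parses as an IP is the kind of result the linked issue title ("IPv6 gsub causes invalid IPs") describes.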

elasticmachine commented Aug 16, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added Integration:sentinel_one_cloud_funnel SentinelOne Cloud Funnel Integration:system System Integration:sysmon_linux Sysmon for Linux Integration:windows Windows Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Security-Linux Platform Linux Platform Security team [elastic/sec-linux-platform] labels Aug 16, 2024
@elasticmachine

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Agent Data Plane team [elastic/elastic-agent-data-plane] label Aug 17, 2024
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@efd6 efd6 left a comment

Could we have test cases for these?

@marc-gr marc-gr requested a review from efd6 August 19, 2024 10:26

LaZyDK commented Aug 21, 2024

I'm looking forward to this one :)

@belimawr belimawr left a comment

Approving the changes in the Windows integration.

@Trinity2019 Trinity2019 left a comment

looks good to me

@efd6 efd6 left a comment

nit only

@andrewkroh andrewkroh added the Integration:o365 Microsoft Office 365 label Aug 28, 2024

marc-gr commented Sep 6, 2024

Reverted the change in the regexp since there are samples where IPs are not at the beginning, so this is more resilient as it is now.

@andrewkroh andrewkroh removed the Integration:o365 Microsoft Office 365 label Sep 6, 2024
@marc-gr marc-gr enabled auto-merge (squash) September 6, 2024 07:53
@marc-gr marc-gr disabled auto-merge September 6, 2024 07:54
@elasticmachine

💚 Build Succeeded

Quality Gate failed

Failed conditions
78.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube


efd6 commented Sep 6, 2024

@marc-gr What are the cases that don't start with zero colons? If they exist, they should probably be included in test cases.

@marc-gr marc-gr enabled auto-merge (squash) September 9, 2024 10:00

marc-gr commented Sep 9, 2024

> @marc-gr What are the cases that don't start with zero colons? If they exist, they should probably be included in test cases.

They were already in the samples, tests fail if I add the change.

@marc-gr marc-gr merged commit 01b8c6d into elastic:main Sep 9, 2024
4 of 5 checks passed
@elasticmachine

Package sentinel_one_cloud_funnel - 1.3.1 containing this change is available at https://epr.elastic.co/search?package=sentinel_one_cloud_funnel

@elasticmachine

Package sysmon_linux - 1.6.3 containing this change is available at https://epr.elastic.co/search?package=sysmon_linux

@elasticmachine

Package system - 1.60.4 containing this change is available at https://epr.elastic.co/search?package=system

@elasticmachine

Package windows - 2.0.1 containing this change is available at https://epr.elastic.co/search?package=windows


efd6 commented Sep 10, 2024

^\[ is important.

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
* Fix IPv6 cleanup

* Add tests examples

* Improve regexp

* Fix changelog quotes

* Revert "Improve regexp"

This reverts commit b7bfc7fb43da1661cb0a1745ec6e63de9c67cb29.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@marc-gr marc-gr deleted the fix/ipv6-cleanup branch February 6, 2025 08:10
Successfully merging this pull request may close these issues.

[Windows system.security] IPv6 gsub causes invalid IPs